Vulnerability Description
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Scalance X200Irt Firmware | <= 5.0.0 |
| Siemens | Scalance X200-4P Irt | - |
| Siemens | Scalance X201-3P Irt | - |
| Siemens | Scalance X202-2Irt | - |
| Siemens | Scalance X202-2P Irt | - |
| Siemens | Scalance X204Irt | - |
| Siemens | Scalance Xf204Irt | - |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf
FAQ
What is CVE-2013-3633?
CVE-2013-3633 is a vulnerability with a CVSS score of 8.0 (HIGH). A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch ...
How severe is CVE-2013-3633?
CVE-2013-3633 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3633?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Scalance X200Irt Firmware, Siemens Scalance X200-4P Irt, Siemens Scalance X201-3P Irt, Siemens Scalance X202-2Irt, Siemens Scalance X202-2P Irt.